1. Technical Field
The present invention relates to storage systems and, more particularly, to access-based enumeration of shared resources in such systems.
2. Background Information
A storage system typically includes one or more storage devices, such as disks, into which information may be entered, and from which information may be obtained, as desired. The storage system may also include a storage operating system that may implement a high-level module, such as a file system, to logically organize the information stored on the disks as a hierarchical structure of data containers, such as files and directories. In addition, the storage system may be configured to operate according to a client/server model of information delivery to thereby allow many clients to access the data containers stored on the system. Each client may request the services of the storage system by issuing messages (in the form of packets) to the system using storage (e.g., file-based) access protocols, such as the conventional Common Internet File System (CIFS) protocol.
To facilitate client access to the information stored on the storage system, the storage operating system typically exports units of storage, e.g., (CIFS) shares. As used herein, a share is equivalent to a mount point or shared storage resource, such as a folder or directory that stores information about files or other directories served by the system. One client access feature of the storage system may be the provision of an ordered listing or “enumeration” of data containers within a share, or a portion of the share, served by the storage system. Typically, a client issues an enumeration request on behalf of a user to solicit enumeration of the data containers within a directory of the share. In response, the storage system returns a list of descriptors for those data containers included in the directory specified in the enumeration request. The response typically contains only those descriptors for which the user making the enumeration request has sufficient access permission.
Conventionally, access permission is determined per export unit, e.g., per share, as a property of the whole share. Consequently, a user with permission to access the share may have sufficient permission to view a descriptor of any file or folder served by the share, even if that user has insufficient permission to access the files or folders themselves. Security problems may arise for enumeration requests when descriptors of files and folders are visible to a user who does not have sufficient permission to access those files and folders. For example, the name of a file or folder may itself disclose confidential information, such as the name of a customer or a new product under development. To remedy this problem, access permission may be determined using access-based enumeration (ABE), which lists descriptors of enumerated data containers based on a user's access permission to those data containers. A user without sufficient permission to access a data container is deemed to have insufficient permission to access a descriptor of the data container.
A further security problem arises with access-based enumeration of junctions or mount points. As used herein, a junction or mount point is an identifier that redirects access to a data container to a storage location referenced by the junction rather than to the location containing the junction or mount point; however, permission to access the data container may appropriately reside at the referenced location. For example, the administrator may alter the access permission of the data container at the referenced location, leaving any permission stored at the location of the junction or mount point unaltered. Failure to apply the appropriate user access permission of the data container at the referenced location, in response to an enumeration request, may result in a security breach in which a descriptor of a junction or mount point is provided to a user with insufficient permission to access the contents of the data container referenced by that junction or mount point. The problem is compounded when further indirection is employed, such as when a junction references a data container at another storage location and that data container includes another junction that references yet another data container at yet another storage location, and so on.
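The following Python model is an added illustration and not part of the patent text or of any product it describes. It contrasts the three enumeration behaviours discussed above: conventional per-share enumeration, access-based enumeration that consults only the permission stored at the junction's own location (and therefore still exposes the junction after the administrator tightens permission at the referenced location), and access-based enumeration that resolves each junction to its referenced location, following any chain of further junctions, before deciding whether its descriptor is visible. The namespace, paths, user names and permission sets are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Container:
    """One data container in a constructed in-memory namespace."""
    kind: str                      # "dir", "file" or "junction"
    allowed: Set[str]              # users with access permission stored at THIS location
    children: List[str] = field(default_factory=list)  # child names (dirs only)
    target: Optional[str] = None   # junctions only: absolute path they redirect to


# Constructed sample namespace keyed by absolute path (not real file system data).
NS: Dict[str, Container] = {
    "/share": Container("dir", {"alice", "bob", "carol"},
                        children=["public.txt", "customer_acme.doc", "projects"]),
    "/share/public.txt": Container("file", {"alice", "bob", "carol"}),
    "/share/customer_acme.doc": Container("file", {"alice"}),
    # Junction whose locally stored permission is stale and still lists bob.
    "/share/projects": Container("junction", {"alice", "bob", "carol"},
                                 target="/vol2/projects"),
    # The administrator tightened permission only at the referenced location.
    "/vol2/projects": Container("dir", {"alice", "carol"}, children=["next_product"]),
    # Second level of indirection: a junction inside the referenced directory.
    "/vol2/projects/next_product": Container("junction", {"alice", "carol"},
                                             target="/vol3/secret"),
    "/vol3/secret": Container("dir", {"alice"}),
}


def _child_path(dirpath: str, name: str) -> str:
    return dirpath.rstrip("/") + "/" + name


def _require_dir_access(ns: Dict[str, Container], dirpath: str, user: str) -> Container:
    d = ns[dirpath]
    if user not in d.allowed:
        raise PermissionError(f"{user} may not enumerate {dirpath}")
    return d


def enumerate_conventional(ns: Dict[str, Container], dirpath: str, user: str) -> List[str]:
    """Per-share model: permission on the listed share/directory reveals every descriptor."""
    d = _require_dir_access(ns, dirpath, user)
    return sorted(d.children)


def enumerate_abe_local(ns: Dict[str, Container], dirpath: str, user: str) -> List[str]:
    """ABE that checks only the permission stored where each child lives.

    A junction is judged by its own (possibly stale) permission, not by the
    permission of the container it references.
    """
    d = _require_dir_access(ns, dirpath, user)
    return sorted(n for n in d.children
                  if user in ns[_child_path(dirpath, n)].allowed)


def resolve_chain(ns: Dict[str, Container], path: str, max_hops: int = 16) -> List[str]:
    """Return every path visited from `path` through junctions to the final container.

    Raises ValueError on a junction loop, a dangling target, or too many hops.
    """
    chain = [path]
    seen = {path}
    while ns[chain[-1]].kind == "junction":
        nxt = ns[chain[-1]].target
        if nxt is None or nxt not in ns:
            raise ValueError(f"dangling junction at {chain[-1]}")
        if nxt in seen or len(chain) >= max_hops:
            raise ValueError(f"junction loop or hop limit reached at {nxt}")
        chain.append(nxt)
        seen.add(nxt)
    return chain


def enumerate_abe_resolved(ns: Dict[str, Container], dirpath: str, user: str) -> List[str]:
    """ABE that resolves junctions: a descriptor is visible only if the user is
    permitted at the junction AND at every referenced location along the chain.
    A junction that cannot be resolved is hidden (deny by default)."""
    d = _require_dir_access(ns, dirpath, user)
    visible = []
    for n in d.children:
        try:
            chain = resolve_chain(ns, _child_path(dirpath, n))
        except ValueError:
            continue
        if all(user in ns[p].allowed for p in chain):
            visible.append(n)
    return sorted(visible)


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, "conventional:", enumerate_conventional(NS, "/share", user))
        print(user, "ABE (local):  ", enumerate_abe_local(NS, "/share", user))
        print(user, "ABE (resolved):", enumerate_abe_resolved(NS, "/share", user))
```

Listing `/share` as `bob` shows the progression: the conventional listing exposes `customer_acme.doc` and `projects`; local-only ABE hides the document but still shows the `projects` junction because the permission stored at the junction is stale; resolved ABE consults `/vol2/projects` and hides it. Listing `/vol2/projects` as `carol` shows the compounded case: carol is permitted at the `next_product` junction itself but not at `/vol3/secret`, so only the resolving variant hides that descriptor. The resolver also bounds hop count and refuses loops and dangling targets, so an unresolvable junction never leaks its name.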
Accordingly, there remains a need for a method and system for secure access-based enumeration of junctions or mount points on a server.